Download 7. Data Privacy Option for Oracle E

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
Transcript 
7. Data Privacy Option for Oracle
E-Business Suite
This section contains information on using the Optim Data Privacy
option in conjunction with the Optim Test Data Management
Solution for Oracle E-Business Suite.
The data privacy option enables you to mask sensitive data on nonproduction instances of an Oracle E-Business database (including
test, training, and development environments). The data privacy
definitions provide the means to easily de-identify, mask and
transform sensitive data in the HRMS module of Oracle
Applications version 11.5.10.
If your current Test Data Management configuration does not
include the Data Privacy option and you would like that
functionality, contact your IBM sales representative.
This chapter includes the following topics:
• Data Privacy Overview
• Installing the Data Privacy Option
• Data Privacy Implementation
• Scenario - Core HRMS Module
• Data Privacy Reference Material
Installation and Configuration Guide
53
7. Data Privacy Option for Oracle E-Business Suite
Prerequisites
The Data Privacy option is an added feature of the Test Data
Management Solution and has the same hardware and software
requirements as outlined in Section 1.1 Hardware and Software
Requirements. For more information, see the Detailed System
Requirements document for the Test Data Management Solution
for Oracle E-Business Suite at the following site:
http://www.ibm.com/support/
search.wss?tc=SSC4TGP&sort=des&dc=DA420&dtm
54
Optim TDM and DP Solutions for Oracle E-Business Suite
7.1 Data Privacy Overview
7.1 Data Privacy Overview
Every company is required to protect personal employee
information such as addresses and Social Security numbers. Use
the Optim Data Privacy option to efficiently maintain a working
database of employee information that is secure and safe to use for
test, development and training environments.
Different approaches can be used to mask data in your Oracle EBusiness database. The following approaches involve extracting
and inserting data into a target database.
• You can mask the extracted data from an Optim Extract Request
when you insert it into your target database.
• When you use Data Privacy in conjunction with Test Data
Management, a more secure approach is to mask the extracted
data when you insert data into a clone of your production
database. The masked clone is then used as a source for
subsequent non-production databases environments.
Installation and Configuration Guide
55
7. Data Privacy Option for Oracle E-Business Suite
7.1.1 Data Privacy Implementation Architecture
To implement the Data Privacy option, extract data from your
production database and mask sensitive data as you insert it into
your target database. During the insert process, Optim uses the
provided Data Privacy definitions to mask your data.
In this approach, you must first set up your test environment. If
you are using the Data Privacy option with the Test Data Management Solution, you will have already created a database clone of
the production database and run scripts to truncate tables, reorganize table spaces, and reset sequences in your new target database.
See Section 1.2 Creating an Oracle E-Business Target Environment and Appendix B. Truncating Target Tables for more information on setting up your test environment.
With the test environment in place, you can mask data using the
Data Privacy option. To do this, perform the following steps:
56
1.
Extract the production data you will mask using an Extract
Request.
2.
Insert the extracted data into the target database using the
Data Privacy definitions provided in the Data Privacy Column
Map. This step masks your data.
Optim TDM and DP Solutions for Oracle E-Business Suite
7.1 Data Privacy Overview
7.1.2 Data Privacy Implementation Architecture with TDM
An alternate method for implementing the Data Privacy option
masks the data in a cloned master database.
After masking the new database (the Gold Master database) is
used as the source for test, development, or training environments.
This approach provides additional flexibility and security when
distributing masked data across multiple non-production
databases.
To set up a masked Gold Master database to use as the source for
your target environment, perform the following steps:
1.
Create a clone of the production database.
2.
Extract the data to be privatized from the clone by running an
Optim Extract Request.
3.
Insert the extracted data into the cloned database using the
data privacy definitions in the Data Privacy Column Map.
This step creates your Gold Master database.
Installation and Configuration Guide
57
7. Data Privacy Option for Oracle E-Business Suite
You can use the Gold Master database as your secure source for
your target environment. To create a target environment, perform
the following steps:
1.
Clone the masked Gold Master database to a target database.
2.
Extract the masked data from Gold Master using the Optim
Test Data Management Solution for Oracle E-Business.
3.
Insert the extracted data into the target database.
4.
You can then run truncate scripts to reduce the database size
and run reset scripts to reset the target database sequences
(optional).
Note:
58
For more information on truncating your database see
Appendix B. Truncating Target Tables on page 123.
For more information on resetting database sequences see
Resetting Sequences on page 31.
Optim TDM and DP Solutions for Oracle E-Business Suite
7.2 Installing the Data Privacy Option
7.2 Installing the Data Privacy Option
Before you can successfully mask the Core HRMS data, you must
properly install and configure the Optim Data Privacy option.
Perform the following steps:
1.
Install and configure the Test Data Management Solution
2.
Import data privacy definitions
3.
Create data privacy objects
7.2.1 Install and Configure the Test Data Management Solution
Before you can use the Data Privacy option you must install and
configure Optim as described in Chapter 2. Installing Optim.
The Data Privacy option uses many of the Optim Data Privacy
tables. These tables must be loaded when configuring the first
workstation.
7.2.2 Import Data Privacy Definitions
The Optim Data Privacy option installation includes an import file
that contains the Optim data privacy definitions needed to extract
and mask Core HRMS data from your Oracle E-Business source
database and insert the data into your target database.
Import the file into the Optim Directory and verify that the
definitions are imported successfully.
The import file contains the following definitions, which are
needed to extract the complete business object defined by the
Installation and Configuration Guide
59
7. Data Privacy Option for Oracle E-Business Suite
Oracle E-Business module, mask the data, and insert the data into
the target database.
Module
Object
Object Name
Core Human Resources
Management Systems (HRMS)
Access Definition
ADCHR11510DP
Extract Request
ERCHR11510DP
Insert Request
IRCHR11510DP
Table Map
TMCHR11510DP
Column Map
CMPHN11510DP
CMADR11510DP
CMCHR11510DP
• Access Definition - An Access Definition identifies the Start
Table, related tables, primary keys, relationships, and selection
criteria that define the data you want to extract from your source
database.
• Extract Request - An Extract Request initiates the Extract
Process, which allows you to copy a set of related rows from
one or more tables and stores this data in an Extract File. The
Extract Request references an Access Definition that defines the
data to be extracted.
• Insert Request - An Insert Request initiates the Insert Process,
which copies data from a source file into specified destination
tables. The Insert Request specifies an Extract File containing
the data you want to insert into your target database and the
parameters needed to run the process. The Insert Request
references a Table Map to map the destination for the data to be
inserted.
• Table Map - A Table Map defines specifications for correlating
source and destination tables of compatible data. A Table Map
can map tables that have different names, modify table names,
60
Optim TDM and DP Solutions for Oracle E-Business Suite
7.2 Installing the Data Privacy Option
exclude tables from a process, or include Column Maps for
greater control over the data. Table Maps can be used in a
Convert, Insert, or Load process, or with the Create Utility.
• Column Map - A Column Map defines the specifications for
mapping columns of compatible data between source and
destination tables. You can map columns that have different
names, modify data, or exclude columns from a process. You
can include one or more Column Maps in a Table Map when
you create a request to compare, convert, insert, load, or restore
data.
Import the Optim Data Privacy Definitions
Use the following procedure to import the data privacy definitions
into your Optim directory.
1.
In the Optim main window, select Utilities > Import.
2.
In the Import window, Process tab, click the Input File
browse button to open the Open window.
3.
Open OAHRCHR11510DP.txt from the Import/gaAD folder.
4.
Select all available check boxes in the Definitions box.
5.
Select Overwrite existing definitions (if definitions already
exist in the Optim directory).
6.
On the DB Aliases tab, enter the DB Alias for your source and
target databases in New DB Alias. (The Optim definitions
include the default source DB Alias PSTSRC and target DB
Alias PSTAPP.)
7.
Select File > Run, or click the Run icon.
8.
Click the Show process log icon
to check for errors and
view the status of the Import process.
9.
Close the Import window.
Installation and Configuration Guide
61
7. Data Privacy Option for Oracle E-Business Suite
Validate Imported Definitions
When you have finished importing the Data Privacy definitions,
you can verify that the definitions were imported successfully
using the following procedure:
1.
From the Definitions menu on the Optim main window, select
Access Definition to open the Access Definition Editor.
2.
From the File menu on the Access Definition Editor, select
Open to open the Open an Access Definition window.
3.
In the Identifier box in the Open an Access Definition
window, double-click the identifier for the Access Definition,
A4SOAE.
4.
In the Access Definition grid, double-click the Access
Definition name to open the Access Definition in the editor.
5.
On the Tables tab, note the Type value for each listed table:
• “Table” indicates that the import was successful.
• “DB Alias Unknown” indicates that the DB Alias
referenced in the Access Definition does not exist. Check
and correct the Default Qualifier (dbalias.tableowner) to
ensure the dbalias portion matches the DB Alias you
created for your source database.
• “Unknown” indicates that the table does not exist or the
tableowner referenced in the Access Definition is incorrect.
Check and correct the Default Qualifier
(dbalias.tableowner) to ensure the tableowner portion
matches the schema name for the table.
6.
On the Relationships tab, clear Use new relationships. Note
the Status value for each listed relationship:
• Blank indicates that the relationship is defined and not new.
62
Optim TDM and DP Solutions for Oracle E-Business Suite
7.2 Installing the Data Privacy Option
• “New” indicates that the relationship is new.
• “Unknown” indicates that the relationship is not defined
because the table has been deleted from the database or
Optim Directory, or the Default Qualifier on the Tables tab
has been changed. You can change the Default Qualifier
(dbalias.tableowner) to ensure the dbalias portion matches
the DB Alias for your source database. You can also import
the Optim definitions again for the source DB Alias.
• “Ref” indicates that the relationship is ignored because the
parent or child table is specified as a reference table on the
Tables tab.
7.
Close the Access Definition Editor.
7.2.3 Create Data Privacy Objects
To mask name and address columns, the Data Privacy option first
creates master lookup tables with realistic yet fictionalized entries
from the sample data that was loaded during Optim installation.
The Data Privacy option uses a view of these lookup tables as the
foundation for lookup-based masking functions.
To mask name entries, Optim matches unique Oracle ID numbers
from the master lookup table and the destination table. Optim uses
the corresponding values from the lookup table to create a view.
To mask address entries, Optim accesses multiple lookup tables
and creates a view with data from different geographies. As with
masking names, Optim matches the unique Oracle IDs from the
various source tables and the destination table. The resulting view
maintains geographically realistic address data that will be used in
masking your data.
The Data Privacy option provides a script in the sql folder of the
installation directory to create the objects that are necessary for
using the option.
Installation and Configuration Guide
63
7. Data Privacy Option for Oracle E-Business Suite
Use SQL*Plus to run the “create_optim_ebs_dp_objects.sql”
script and create Data Privacy objects including control tables,
lookup tables, and materialized views. The script creates the
following objects.
Object Type
Object Name
Table
OPTIM_EBS_DP_LKP_CONTROL
Table
OPTIM_EBS_DP_NAMES_LKP_MASTER
Table
OPTIM_EBS_DP_ADDRS_LKP_MASTER
Package
OPTIM_EBS_DP_LKP_PKG
Package Body
OPTIM_EBS_DP_LKP_PKG
Procedure
INSERT_CNTRL_DATA
Procedure
INSERT_NAMES_DATA
Procedure
INSERT_ADDRESSES_DATA
Procedure
CREATE_MVIEWS
Materialized View
OPTIM_EBS_DP_NAMES_LKP_MV
Materialized View
OPTIM_EBS_DP_ADDRESSES_LKP_MV
Many of these objects can be customized to meet the particular
data privacy needs of your organization. See Data Privacy
Objects on page 84 for more information on customizing data
privacy objects.
With the Data Privacy objects set up, you can now implement the
Data Privacy option.
64
Optim TDM and DP Solutions for Oracle E-Business Suite
7.3 Implementing the Data Privacy Option
7.3 Implementing the Data Privacy Option
To implement the Data Privacy option, you must set up your target
database environment. Once you have the proper environment in
place, extract data from the production database and insert the
extracted data into the target database using the provided data
privacy definitions. The result is a privatized database with usable
data.
7.3.1 Set Up Environment
First, you must set up your Oracle E-Business target database
environment.
1.
Clone the source (production) Oracle E-Business database to
create the target database (for example, development, testing,
or training). This clone contains the current production data.
2.
Use the Test Data Management truncate scripts on the target
database to truncate the tables from which you will extract
data in the source database. (See Appendix B. Truncating
Target Tables.) Reorganize the target table spaces to reduce
the size of the database.
3.
Ensure that the Optim Server is configured with connectivity
to both the source and target databases (see Chapter 2.
Installing Optim). Import the Optim definitions (see Import
Data Privacy Definitions on page 59).
7.3.2 Run the Extract Request
Next, run an Extract Request using Optim. Use the following
procedure to extract data from the source database.
1.
On the Optim main window, select File > Open.
2.
In the Identifier pane on the Open window, expand Extract
Request and double-click the identifier associated with the
import file, A4SOAE. Double-click the grid row for the
Installation and Configuration Guide
65
7. Data Privacy Option for Oracle E-Business Suite
appropriate Extract Request.(Refer to the table in
Section 7.2.3 Create Data Privacy Objects on page 63).
3.
On the Extract Request Editor, General tab, enter a name for
the Extract File or use the specified default. Verify that the
correct Access Definition is specified. (Refer to the table in
Section 7.2.3 Create Data Privacy Objects on page 63).
4.
Select Tools > Edit Access Definition to open the Access
Definition Editor. Ensure Default Qualifier contains the
correct DB Alias and Creator ID for your source database.
Close the Access Definition Editor.
5.
On the Extract Request Editor, Objects tab, verify that only
Objects are selected, not Extended Objects.
6.
Select File > Run to create the Extract File.
7.
On the Extract File Variable Values dialog, enter values to
identify the selection criteria that Optim will use to extract
user data. Set the boundaries for the Person IDs that will be
used to generate privatized data from the view. Set the upper
and lower limits of the PERSON_FROM and PERSON_TO
variable values.
8.
When the Extract Process is complete, you can view the
results in the Extract Process Report.
9.
Close the Extract Request Editor.
7.3.3 Mask and Insert the Extract File Data
Use the following procedure to mask and insert your data into the
target database.
66
1.
On the Optim main window, select File > Open.
2.
In the Identifier pane on the Open window, expand Insert
Request and double-click the identifier associated with the
Optim TDM and DP Solutions for Oracle E-Business Suite
7.3 Implementing the Data Privacy Option
Insert Request, A4SOAE. Double-click the grid row for the
Insert Request to open the Insert Request Editor (Refer to the
table in Section 7.2.3 Create Data Privacy Objects on
page 63).
3.
On the Insert Request Editor, enter the Server Name. On the
General tab, select the name of the Source File or click the
Retrieve last created Source File button
to retrieve the
name of the last created Extract File.
4.
Enter a Control File name or select an existing one.
5.
In the Table Map Options group box, select Named. Click
the browse button to open the Select a Table Map window. In
the Identifier pane, double-click the identifier associated with
the Table Map, A4SOAE. Double-click the grid row for the
appropriate Core HRMS Table Map to populate the Table
Map name on the Insert Request Editor.
6.
On the Insert Request Editor, select Tools > Edit Table Map
to open the Table Map Editor. Click the Destination
Qualifier down arrow and select the qualifier for tables in
your target database. (You can also click the browse button to
open the Select a Default Destination Qualifier window.)
Close the Table Map Editor and save changes.
7.
On the Insert Request Editor, General tab, select Insert in the
Process Options group box when you request the first Insert
for a module. For subsequent Insert Requests, select Update/
Insert.
8.
In the Disable Triggers and Disable Constraints group
boxes, select Always.
9.
Select File > Run to insert data from the Extract File into
your target database.
Installation and Configuration Guide
67
7. Data Privacy Option for Oracle E-Business Suite
10. When the Insert Process is complete, you can view the results
in the Insert Process Report.
11. Close the Insert Request Editor.
7.3.4 Verify Masked Data
Be sure to verify that your sensitive data has been successfully
masked. Use Optim Compare or another method to confirm that
the values in your target database have been replaced with
meaningful yet fictional data.
For more information on using Optim Compare refer to the Optim
Compare User Manual.
68
Optim TDM and DP Solutions for Oracle E-Business Suite
7.4 Scenario - Core HRMS Module
7.4 Scenario - Core HRMS Module
The following scenario illustrates how to use the Data Privacy
option in conjunction with the Test Data Management Solution for
Oracle E-Business Suite. The scenario assumes that you have
already installed Optim, and configured the DB Aliases used in
this scenario (as described in Chapter 2. Installing Optim).
The scenario also assumes you have the Data Privacy option as
part of your Test Data Management Solution configuration, and
have created a target database with a subset of your Core HRMS
records. The personal information you will extract from your
database was created by the HRMS module.
This scenario includes the following steps:
1.
Extract Core HRMS data from the source database.
2.
Edit the Optim Data Privacy definitions.
3.
Mask and insert data in the target database.
Installation and Configuration Guide
69
7. Data Privacy Option for Oracle E-Business Suite
7.4.1 Extract Core HRMS Data from the Source Database
Once you have set up the environment, use Optim to extract Core
HRMS personal data from your source database.
70
1.
On the Optim main window, select File > Open.
2.
In the Identifier pane on the Open window, expand Extract
Request and double-click the identifier associated with the
Extract Request, A4SOAE. Double-click the grid row for the
Extract Request, ERCHR11510DP, to open the Extract
Request Editor.
Optim TDM and DP Solutions for Oracle E-Business Suite
7.4 Scenario - Core HRMS Module
3.
On the Extract Request Editor, General tab, enter a name for
the Extract File or use the specified default. Verify that the
correct Access Definition is specified (ADCHR11510DP).
Click the browse button to select the Access Definition name.
4.
Select Tools > Edit Access Definition to open the Access
Definition Editor. Change the Default Qualifier to the correct
DB Alias and Creator ID for your source database.
5.
On the Extract File Variable Values dialog, enter Person ID
values for PERSON_FROM and PERSON_TO. The range
Installation and Configuration Guide
71
7. Data Privacy Option for Oracle E-Business Suite
between the two values should equal or exceed the number of
entries being masked.
72
6.
Select File > Run or click the Run icon to create the Extract
File.
7.
Disregard any warnings about NEW relationships.
8.
When the Extract Process is complete, you can view the
results in the Extract Process Report.
9.
Close the Extract Request Editor.
Optim TDM and DP Solutions for Oracle E-Business Suite
7.4 Scenario - Core HRMS Module
7.4.2 Edit the Data Privacy Definitions
Before inserting your data, edit the Optim HRMS definition for
privatizing age information using the Column Map Editor.
1.
On the Optim main window, select Definitions > Column
Map.
2.
On the Column Map Editor window, select File > Open.
3.
Select the Column Map with PER_ALL_PEOPLE_F in the
Table column.
4.
In the Source section of the Respecify Column Map Tables
window, browse for your Extract File or select the file from
Installation and Configuration Guide
73
7. Data Privacy Option for Oracle E-Business Suite
the drop down menu. Select the PER_ALL_PEOPLE_F table
from the Table list and click OK.
5.
74
In the Column Map Editor, update row 14 with a new Data
Privacy definition. The default masking technique is to age a
column value by 2 years, 6 months, 40 weeks, and 15 days,
and apply a rule, using the following Age Function:
Optim TDM and DP Solutions for Oracle E-Business Suite
7.4 Scenario - Core HRMS Module
AGE(+2Y,+6M,+40W,+15D,RU=NEXTPAYDAY)
Instead, use a different masking technique that alters the column
value using a Default Adjustment. Update the value by using the
following the Age Function:
AGE(DEF,RU=NEXTPAYDAY)
6.
Save and close the Column Map Editor.
Installation and Configuration Guide
75
7. Data Privacy Option for Oracle E-Business Suite
7.4.3 Insert the Extract File
Once you have your Extract File, use Optim to insert the HRMS
personal data into the target database using the Data Privacy
definitions.
76
1.
On the Optim main window, select File > Open.
2.
In the Identifier pane on the Open window, expand Insert
Request and double-click the identifier associated with the
Insert Request, A4SOAE. Double-click the grid row for the
appropriate Insert Request (see the table in Section 7.2.3
Create Data Privacy Objects on page 63) to open the Insert
Request Editor.
3.
On the Insert Request Editor, enter the Server Name. On the
General tab, select the name of the Source File or click the
Optim TDM and DP Solutions for Oracle E-Business Suite
7.4 Scenario - Core HRMS Module
Retrieve last created Source File button
name of the last created Extract File.
to retrieve the
4.
Enter a Control File name or select an existing one.
5.
In the Table Map Options group box, select Named. Click
the browse button to open the Select a Table Map window. In
the Identifier pane, double-click the identifier associated with
the Table Map, A4SOAE. Double-click the grid row for the
appropriate Table Map (see the table in Section 7.2.3 Create
Data Privacy Objects on page 63) to populate the Table Map
name on the Insert Request Editor window.
Installation and Configuration Guide
77
7. Data Privacy Option for Oracle E-Business Suite
6.
On the Insert Request Editor, select Tools > Edit Table Map
to open the Table Map Editor. Click the Destination
Qualifier down arrow and select the qualifier for tables in
your target database. (You can also click the browse button to
open the Select a Default Destination Qualifier window.)
Close the Table Map Editor and save changes.
7.
On the Insert Request Editor, General tab, select Insert in the
Process Options group box when you request the first Insert
process for a module. For subsequent Insert Requests, select
Update/Insert.
8.
In the Disable Triggers and Disable Constraints group
boxes, select Always.
9.
Select File > Run to insert data from the Extract File into
your target database.
10. When the Insert Process is complete, you can view the results
in the Insert Process Report.
11. Close the Insert Request Editor.
7.4.4 Verify the Target Database
Log on to Oracle E-Business and access the target database. Verify
that the personal data has been masked. Select the HRMS system
and navigate to the employee information screen. Verify that the
HRMS data has been masked.
You now have a working database with privatized and usable data.
78
Optim TDM and DP Solutions for Oracle E-Business Suite
7.5 Data Privacy Reference Material
7.5 Data Privacy Reference Material
This section covers the following information:
• Masking methods
• Oracle HRMS Database Tables
• Oracle HRMS Columns for Masking
• Data Privacy Objects
7.5.1 Masking Methods
Depending on the column, the Data Privacy option masks sensitive
data using one of several functions. For detailed information on
each function refer to the Optim Common Elements Manual.
Lookup Function
For names and addresses, the Data Privacy option uses lookup
tables to mask information while keeping the data usable. The
Column Map lookup function populates the destination column
based on a “view” that is created from the source table using an
SQL script. The Lookup Function selects values based on the
entries in the source table.
Hash Lookup Function
The Hash Lookup Function obtains the value for a destination
column from a lookup table, according to a hashed value derived
from a source column. The Hash Lookup Function allows you to
consistently mask data using the same source and lookup tables in
any environment.
AGE Function
The Age Function is used to age values in a source column. The
source column can contain character, numeric, date, or timestamp
data. Note that a CHAR or VARCHAR column has a maximum
Installation and Configuration Guide
79
7. Data Privacy Option for Oracle E-Business Suite
length of 256 bytes. The Age Function is formatted as:
AGE(parameters)
TRANS COL Function
The TRANS COL function can mask data that has no inherent
format or a format that is not widely known. TRANS COL
maintains the format and character type of the source data at the
destination.
Data types CHAR, VARCHAR and non-float numeric can be
masked with TRANS COL. Alphabetic and numeric characters are
masked, but any other characters in the source data are copied to
the destination without being changed. You can generate unique
values for unique source data. For non-unique source data, you can
generate a different value for each occurrence of the same source
and you can generate values with a length different from the
source. The source data format and character type determines the
format and character type of the destination data. If the source data
is uppercase alphabetic characters, the output generated at the
destination is uppercase alphabetic.
For more information on the TRANS COL function, see the
TRANS COL Data Privacy Function support document at the
following site:
http://www-01.ibm.com/support/
docview.wss?rs=0&context=SSCGNPF&context=SSCGNPH&co
ntext=SSC253J&dc=DB550&dc=DB560&uid=swg21424217&lo
c=en_US&cs=utf-8&lang=
80
Optim TDM and DP Solutions for Oracle E-Business Suite
7.5 Data Privacy Reference Material
7.5.2 Oracle HRMS Database Tables
Below are the Oracle Core HRMS Schema tables that contain the
personal information that is masked using the Data Privacy option:
• PER_ALL_PEOPLE_F
• PER_PHONES
• PER_ADDRESSES
PER_ALL_PEOPLE_F
The PER_ALL_PEOPLE_F table holds personal information for
individuals associated with the HR department. Individuals
include employees, applicants, ex-employees, ex-applicants,
contacts and other site-specific categories of people.
PER_PHONES
The PER_PHONES table holds phone numbers for current
employees, former employees and other contacts.
PER_ADDRESSES
The PER_ADDRESSES table holds address information for
current and ex-employees and other contacts. See Oracle
documentation for pertinent information regarding the handling of
primary addresses.
Installation and Configuration Guide
81
7. Data Privacy Option for Oracle E-Business Suite
7.5.3 Oracle HRMS Columns for Masking
The following columns in the Core HRMS tables will be
considered for masking.
Column Name
Table Name
Masking Type
Last Name
PER_ALL_PEOPLE_F
Values are masked with a meaningful
Last Name from the Lookup Table.
First Name
PER_ALL_PEOPLE_F
Values are masked with a meaningful
First Name from the Lookup Table.
Middle Name
PER_ALL_PEOPLE_F
If the source columns are populated,
the new value is randomly picked
(name or initial) from the Lookup View
based PERSON_ID.
Known As
PER_ALL_PEOPLE_F
Values are randomly substituted only if
source is not null.
Previous Name
PER_ALL_PEOPLE_F
If the record qualifies for Previous
Name, non-null values from the source
data are populated from Lookup
values.
Email ID
PER_ALL_PEOPLE_F
Lookup values are populated based on
person ID and the new masked name
assigned to the non-production
environment. User can determine the
e-mail suffix based on lookup values
setup.
Employee Number
PER_ALL_PEOPLE_F
The Optim Random function is used to
mask the data in this column.
Replacement values must conform to
the same formatting as the original
source value. The masking technique
will synchronize data to the
EMPLOYEE_NUMBER in the
PER_ALL_ASSIGNMENTS_F table
and other applicable areas.
National Identifier/SSN PER_ALL_PEOPLE_F
This column uses the Optim Trans Col
Function for U.S. geography data to
mask government ID data.
82
Optim TDM and DP Solutions for Oracle E-Business Suite
7.5 Data Privacy Reference Material
Column Name
Table Name
Masking Type
Date of Birth
PER_ALL_PEOPLE_F
This key column is used as a unique
identifier in many cases. The data is
masked and the validity is checked.
Birth dates are replaced by a range of
random dates ensuring that the age is
not too old or young.
Town of Birth
PER_ALL_PEOPLE_F
Standard Optim masking techniques
of either Lookup or Random functions
are used.
Region of Birth
PER_ALL_PEOPLE_F
Standard Optim masking techniques of
either Lookup or Random functions
are used.
Country of Birth
PER_ALL_PEOPLE_F
Standard Optim masking techniques of
either Lookup or Random functions
are used.
Address Line 1
PER_ADDRESSES
The first line is given a meaningful yet
fictional street address and the
remainder is set to null unless there is
a requirement for multi-line street
addresses.
Address Line 2
PER_ADDRESSES
The first line is given a meaningful yet
fictional street address and the
remainder is set to null unless there is
a requirement for multi-line street
addresses.
Address Line 3
PER_ADDRESSES
The first line is given a meaningful yet
fictional street address and the
remainder is set to null unless there is
a requirement for multi-line street
addresses.
City
PER_ADDRESSES
This column is set from a list of town or
city names.
Zip
PER_ADDRESSES
This field is masked as a valid value
based on City and State.
Installation and Configuration Guide
83
7. Data Privacy Option for Oracle E-Business Suite
Column Name
Table Name
Masking Type
County
PER_ADDRESSES
Depending on the City, State and Zip
Code combination, the county value is
populated using the algorithm or
lookup values.
Phone Number
PER_ADDRESSES
Phone numbers are replaced with
realistic random data.
PER_PHONES
License Number
PER_ALL_PEOPLE_F
If the source values are populated,
then a random number or null is
replaced on the target database. There
is no Oracle application integrity built
on this column value.
Work Phone
PER_ALL_PEOPLE_F
Phone numbers are replaced with
realistic random data.
7.5.4 Data Privacy Objects
Control Table
The OPTIM_EBS_DP_LKP_CONTROL table is the control table,
which allows the end users to control the Source and Destination
(Lookup) tables. Following is the structure of the table:
Column Name
Data type
Default
Column Description
SEQ
NUMBER
NOT NULL
Unique identifier
MODULE
VARCHAR2(3)
NOT NULL
Module name 'CHR'
NAME
VARCHAR2(60)
TABLE_NAME
VARCHAR2(30)
84
Table information
NOT NULL
Name of the table
Optim TDM and DP Solutions for Oracle E-Business Suite
7.5 Data Privacy Reference Material
Column Name
Data type
Default
Column Description
QUICKCODE
VARCHAR2(10)
Source/destination indicator (also
indicates whether name or
address)
SN - Source Name
DN - Destination Name
SA - Source Address
DA - Destination Address
DK - Destination Known As
DE - Destination Email Address
CCODE
VARCHAR2(30)
Country Code (2 Digit)
should match with Oracle
Country Code
ACTIVE
CHAR(1)
NOT NULL 'Y' Y/N value to enable/disable the
use of the particular table
SQLTEXT
VARCHAR2(4000)
NOT NULL
DESCRIPTION
VARCHAR2(100)
SQL string
Description/additional information
By default, the Data Privacy option inserts the following rows in
the Control Table.
SEQ
Mod.
NAME
TABLE_NAME
QUICK
CODE
1001
CHR
1002
CHR
2001
CCODE
ACTIVE
Names Source
PER_ALL_PEOPLE_F
SN
Y
Address Source
PER_ADDRESSES
SA
Y
CHR
AU-Names
OPTIM_AU_LASTNAME
DN
AU
Y
2002
CHR
CA-Names
OPTIM_CA_LASTNAME
DN
CA
N
2003
CHR
DE-Names
OPTIM_DE_LASTNAME
DN
DE
N
2004
CHR
ES-Names
OPTIM_ES_LASTNAME
DN
ES
Y
2005
CHR
FR-Names
OPTIM_FR_LASTNAME
DN
FR
Y
2006
CHR
IT-Names
OPTIM_IT_LASTNAME
DN
IT
Y
2007
CHR
UK-Names
OPTIM_UK_LASTNAME
DN
GB
Y
2008
CHR
US-Names
OPTIM_US_LASTNAME
DN
US
Y
4001
CHR
AU- Addresses
OPTIM_AU_ADDRESSES
DA
AU
Y
4002
CHR
CA- Addresses
OPTIM_CA_ADDRESSES
DA
CA
Y
Installation and Configuration Guide
85
7. Data Privacy Option for Oracle E-Business Suite
4003
CHR
UK- Addresses
OPTIM_UK_ADDRESSES
DA
GB
Y
4004
CHR
DE- Addresses
OPTIM_DE_ADDRESSES
DA
DE
Y
4005
CHR
ES- Addresses
OPTIM_ES_ADDRESSES
DA
ES
Y
4007
CHR
FR- Addresses
OPTIM_FR_ADDRESSES
DA
FR
N
4006
CHR
IT- Addresses
OPTIM_IT_ADDRESSES
DA
IT
Y
4000
CHR
US- Addresses
OPTIM_US_ADDRESSES
DA
US
Y
9001
CHR
E-mail Format
DE
Y
9002
CHR
Known As
Format
OPTIM_EBS_DP_NAMES
_LKP_MASTER
OPTIM_EBS_DP_NAMES
_LKP_MASTER
DK
Y
The Optim Data Privacy option will lookup data from these target
tables and mask your source table data.
The control table also inserts an SQLTEXT column. To find the
existing values for the SQLTEXT column, use the following
command:
SQL> Select Table_Name, SQLTEXT from
OPTIM_EBS_DP_LKP_CONTROL;
Lookup Tables
Data in the name and address lookup master tables are loaded by
executing the SQL string in the Control Table. The names lookup
master table (OPTIM_EBS_DP_NAMES_LKP_MASTER) has
the following structure:
Column Name
Data type
NID
VARCHAR2(30)
Identifier. The last digit Indicates
gender. (M -Male/F -Female)
LASTNAME
VARCHAR2(100)
Last Name
FIRSTNAME
VARCHAR2(30)
First Name
E_CODE
VARCHAR2(3)
US
Ethnicity Code (AU, CA, FR, IT,
DE, ES, US, GB)
ETHNICITY
VARCHAR2(50)
American
Ethnicity (Australian, Canadian,
French, Italian, German,
Spanish, American, UK)
86
Default
Column Description
Optim TDM and DP Solutions for Oracle E-Business Suite
7.5 Data Privacy Reference Material
The address lookup master table
(OPTIM_EBS_DP_ADDRD_LKP_MASTER) has the following
structure:
Column Name
Data type
SEQ
NUMBER
Identifier
ADDRESS_LINE1
VARCHAR2(100)
Address Line 1
ADDRESS_LINE2
VARCHAR2(100)
Address Line 2
ADDRESS_LINE3
VARCHAR2(100)
Address Line 3
CITY
VARCHAR2(100)
Town or City
COUNTY
VARCHAR2(100)
County - For US Address only
STATE
VARCHAR2(4)
POSTAL_CODE
VARCHAR2(16)
COUNTRY
VARCHAR2(2)
Note:
Default
CA
Column Description
State - For US Address only
Zip Code
US
Two digit Country Code
There are city-county-state combinations in Optim Data
Privacy tables which do not exist as combinations in
Oracle. If addresses are masked with an invalid
combination, you will get a note/error message in the
Addresses Form. The error can be avoided by selecting
appropriate combination of city, county and state.
Modifying the Control Table
For greater customization, you may modify the values of the
control table. To manually change the values, run the following
processes in sequence:
1.
Insert data into control table.
2.
Insert data into the Names Master Lookup table.
3.
Insert data into the Address Master Lookup table.
4.
Create materialized views.
Installation and Configuration Guide
87
7. Data Privacy Option for Oracle E-Business Suite
Notes: While making changes to the control table, remember
that the value for MODULE is always ‘CHR’ for HRMS
Data.
88
•
The value in the CCODE should match the Oracle
Country Code.
•
If you manually change any target table names for Names
and Addresses in the TABLE_NAME column, the values
in the SQLTEXT column must also be changed to reflect
the modifications.
•
If the ACTIVE column value for a row is set to N, then
that table will not be used in a master lookup table or
materialized view.
•
By default, the Data Privacy option masks e-mail
addressees by generating a user name from the first initial
and last name of the masked entry from the name lookup.
The default domain name is ‘xyzco.com’. To make
changes to the default settings, you must manually edit
the control table.
Optim TDM and DP Solutions for Oracle E-Business Suite
Related documents
API Reference Guide - Relational Database Consultants, Inc.
API Reference Guide - Relational Database Consultants, Inc.
USB-IF Trademark License Agreement
USB-IF Trademark License Agreement
IBM Optim: Move User Manual
IBM Optim: Move User Manual
IBM InfoSphere Optim: Move User Manual
IBM InfoSphere Optim: Move User Manual
AutoCAD 2D Tutorial - Guntur Municipal Corporation
AutoCAD 2D Tutorial - Guntur Municipal Corporation
IBM Optim: Edit User Manual
IBM Optim: Edit User Manual
Miltronics 10138-DA410 User Manual Rev 2.7
Miltronics 10138-DA410 User Manual Rev 2.7
DA 430 User Manual
DA 430 User Manual
User Manual - MeterMall.com
User Manual - MeterMall.com
ODBC Connectivity - the Department of Statistics
ODBC Connectivity - the Department of Statistics
IBM Optim: Compare User Manual
IBM Optim: Compare User Manual
VMware Lab Manager User`s Guide
VMware Lab Manager User`s Guide
as a PDF
as a PDF
Oracle OLAP User's Guide
Oracle OLAP User's Guide
IBM Optim: Optim Installation and Configuration Guide
IBM Optim: Optim Installation and Configuration Guide
IBM Optim Installation and Configuration Guide
IBM Optim Installation and Configuration Guide
User Manual - Sign On
User Manual - Sign On